CN113612783A - Honeypot protection system - Google Patents
- Publication number
- CN113612783A
- Authority
- CN
- China
- Prior art keywords
- honeypot
- node
- virtual
- protection system
- network
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1491—Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0272—Virtual private networks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45587—Isolation or security of virtual machine instances
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45595—Network integration; Enabling network access in virtual machine instances
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The application discloses a honeypot protection system that uses a simulation node to simulate real nodes in a protected network. The simulation node is configured with all idle IP addresses in the protected network, so that from the outside it can be accessed like a real node of the protected network. An attacker who accesses the protected network will therefore reach not only the real nodes but possibly also the simulation node; because the simulation node runs no actual network service, the possibility of the protected network being attacked is reduced, and so is the probability of a real server being attacked. Meanwhile, the honeypot group can capture the traffic data accessing the simulation node and the protected network, so that attack information is captured by the honeypots and network security is protected and improved.
Description
Technical Field
The application relates to the technical field of computers, in particular to a honeypot protection system.
Background
At present, honeypots have become an important means of network security protection. At its core, a honeypot simulates real asset services and is mixed in among the real services. Besides simulating real services, a honeypot can also record attack-related information while responding to an attack, providing enough information for subsequent attack tracing.
Since honeypots are deployed in service networks and intermixed with real services, whether an attacker encounters a honeypot is a matter of probability. At present, honeypots are generally used to capture the traffic of designated ports of real servers, while many idle IP addresses remain in the service network. The scope of an attack on the service network is therefore limited to the IP addresses in use, and the probability that a real server is attacked is relatively high.
Therefore, how to reduce the probability of the real server being attacked and improve the network security is a problem to be solved by those skilled in the art.
Disclosure of Invention
In view of this, an object of the present application is to provide a honeypot protection system, so as to reduce the probability of the real server being attacked and improve the network security. The specific scheme is as follows:
In a first aspect, the present application provides a honeypot protection system, comprising: a protected network, a simulation node and a honeypot group, wherein:
the simulation node is configured with all idle IP addresses in the protected network;
the simulation node is in communication connection with a core switch of the protected network and is used for simulating a real node in the protected network;
the honeypot group is in communication connection with both the protected network and the simulation node and is used for capturing traffic data accessing the simulation node and the protected network.
Preferably, the simulation node is a virtual machine disposed in the target server, the virtual machine is configured with a virtual network card, and all idle IP addresses are configured on the virtual network card.
Preferably, a virtual switch component is arranged in the target server, the virtual switch component is in communication connection with the virtual network card, and the virtual switch component is in communication connection with the core switch.
Preferably, the virtual switch component is communicatively connected to the virtual network card in a trunk mode, and the virtual switch component is communicatively connected to the core switch in the trunk mode.
Preferably, if a plurality of vlans are divided in the protected network, the trunk port of the virtual switch component allows each vlan to perform traffic transparent transmission, the virtual machine is provided with a virtual network card corresponding to each vlan, and an idle IP address in each vlan is configured to each virtual network card correspondingly.
Preferably, each virtual network card is obtained by virtualizing any physical network card inserted into the target server by using an 802.1Q protocol.
Preferably, the honeypot group is provided with honeypots corresponding to the vlans respectively.
Preferably, the protected network comprises a plurality of real nodes.
Preferably, each real node and each simulation node are installed with a traffic forwarding client, and the honeypot group captures traffic data accessing each real node and each simulation node by using the traffic forwarding client.
Preferably, a traffic forwarding client on any one of the real nodes or the simulation nodes is used for forwarding traffic data accessing a specified port to the honeypot group.
According to the above technical scheme, the present application provides a honeypot protection system, comprising: a protected network, a simulation node and a honeypot group, wherein: the simulation node is configured with all idle IP addresses in the protected network; the simulation node is in communication connection with a core switch of the protected network and is used for simulating a real node in the protected network; the honeypot group is in communication connection with both the protected network and the simulation node and is used for capturing traffic data accessing the simulation node and the protected network.
Therefore, the simulation node is used to simulate the real nodes in the protected network, and it is configured with all idle IP addresses in the protected network, so that from the outside it can be accessed like a real node of the protected network. An attacker who accesses the protected network will therefore reach not only the real nodes but possibly also the simulation node; because the simulation node runs no actual network service, the possibility of the protected network being attacked is reduced, and so is the probability of a real server being attacked. Meanwhile, the honeypot group can capture the traffic data accessing the simulation node and the protected network, so that attack information is captured by the honeypots and network security is protected and improved.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, it is obvious that the drawings in the following description are only embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
FIG. 1 is a schematic view of a honeypot protection system as disclosed herein;
FIG. 2 is a schematic view of another honeypot protection system disclosed herein;
FIG. 3 is a schematic diagram of traffic forwarding disclosed in the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
At present, honeypots are generally used to capture the traffic of designated ports of real servers, while many idle IP addresses remain in the service network. The scope of an attack on the service network is therefore limited to the IP addresses in use, and the probability that a real server is attacked is relatively high. The honeypot protection system of the present application can reduce the probability of a real server being attacked and improve network security.
Referring to FIG. 1, an embodiment of the present application discloses a honeypot protection system, including: a protected network, a simulation node and a honeypot group, wherein: the simulation node is configured with all idle IP addresses in the protected network; the simulation node is in communication connection with a core switch of the protected network and is used for simulating a real node in the protected network; the honeypot group is in communication connection with both the protected network and the simulation node and is used for capturing traffic data accessing the simulation node and the protected network.
In this embodiment, for the external visitor, the simulation node is the same as the real node in the protected network, so when the external visitor is an attacker, the simulation node can help the real node to disperse the attack probability, thereby reducing the probability that the real server is attacked.
It should be noted that the protected network includes a plurality of real nodes, i.e., a plurality of real servers. The protected network may be any service system, such as: enterprise-owned office systems, etc.
In one embodiment, the simulation node is a virtual machine disposed in the target server, the virtual machine is configured with a virtual network card, and all idle IP addresses are configured on the virtual network card. A virtual switch component is also arranged in the target server; the virtual switch component is in communication connection with the virtual network card and with the core switch.
Each idle IP address can be configured on the virtual network card using the ip command that ships with the Linux system or with other operating systems.
The virtual switch component is in communication connection with the virtual network card in a trunk mode, and the virtual switch component is in communication connection with the core switch in the trunk mode.
In a specific embodiment, if a protected network is divided into a plurality of vlans, a trunk port of the virtual switch component allows each vlan to perform traffic transparent transmission, the virtual machine is provided with a virtual network card corresponding to each vlan, and an idle IP address in each vlan is configured to each virtual network card correspondingly. The honeypot group is provided with honeypots corresponding to the vlans respectively.
For example: the protected network is divided into vlan10, vlan20 and vlan30. The vlan10 corresponds to a data center area, the vlan20 corresponds to a development environment area, and the vlan30 corresponds to an office area. The trunk port of the virtual switch component then allows transparent transmission of traffic for vlan10, vlan20 and vlan30, and the virtual machine is provided with a virtual network card eth0.10, a virtual network card eth0.20 and a virtual network card eth0.30, one for each vlan. Meanwhile, the honeypot group is provided with a data center area honeypot, a development environment area honeypot and an office area honeypot, one for each vlan.
In a specific embodiment, each virtual network card is obtained by virtualizing any physical network card inserted into the target server by using an 802.1Q protocol, so that one physical network card is virtualized into a plurality of virtual network cards.
In one embodiment, each real node and each simulation node are installed with a traffic forwarding client, and the honeypot group captures traffic data accessing each real node and each simulation node by using the traffic forwarding clients.
Of course, the honeypot group may also protect only a specified port or ports of a certain node, that is: the traffic forwarding client on any real node or simulation node is used for forwarding the traffic data accessing the specified port to the honeypot group.
It can be seen that, in this embodiment, the simulation node is used to simulate the real nodes in the protected network, and it is configured with all idle IP addresses in the protected network, so that from the outside it can be accessed like a real node of the protected network. An attacker who accesses the protected network will therefore reach not only the real nodes but possibly also the simulation node; because the simulation node runs no actual network service, the possibility of the protected network being attacked is reduced, and so is the probability of a real server being attacked. Meanwhile, the honeypot group can capture the traffic data accessing the simulation node and the protected network, so that attack information is captured by the honeypots and network security is protected and improved.
It should be noted that, in actual attack-and-defense scenarios and in daily security protection, an environment with honeypots deployed raises a honeypot alarm only when an attacker touches a honeypot, so capturing attacker behavior through honeypots is a probabilistic event. When an attack occurs, the more IP nodes the honeypots occupy, the greater the probability of capturing it. It is therefore desirable to direct as much of the traffic to idle IP addresses as possible into the honeypots, so as to maximize detection of the attacker's traces and make full use of the honeypot cluster.
Accordingly, the traffic forwarding client is installed on the customer's existing equipment and on the simulation node, where it listens on specific ports of the customer assets (such as servers) and of the simulation node and forwards the related traffic to the honeypot, so that as much access traffic as possible is guided into the honeypot and the traces of attackers are detected to the maximum extent.
Referring to FIG. 2, the traffic black hole node in FIG. 2 is the simulation node, and vswitch is the virtual switch component. The protected network consists of a data center area corresponding to vlan10, a development environment area corresponding to vlan20 and an office area corresponding to vlan30.
Fig. 2 does not show the protection of the protected network by the honeypot, and in fact, each node of the protected network is also provided with a traffic forwarding client, so that the honeypot listens to one or all ports on each node of the protected network.
The traffic black hole node is essentially a virtual machine, a virtual network card of the virtual machine is connected with the virtual switch component in a trunk mode, and is also connected with a core switch of the protected network in the trunk mode. Wherein the virtual switch component and the virtual machine can run in the same or different servers.
Assume each zone of the protected network has 100 servers and 20 honeypots are deployed per zone; the probability of an attacker touching a honeypot is then only 20/120 in each zone. Assume further that each zone has 133 free IP addresses and that the free IP addresses of every zone are all occupied by the simulation node; the probability of an attacker touching a honeypot then rises to 153/253 in each zone. Therefore, the simulation node can reduce the probability of a real server being attacked.
Specifically, after the traffic black hole node is started, the trunk port attributes of the virtual switch component are configured to allow transparent transmission of traffic for vlan10, vlan20 and vlan30, and three virtual network cards eth0.10, eth0.20 and eth0.30 are created in the traffic black hole node based on the 802.1Q protocol, corresponding to vlan10, vlan20 and vlan30 respectively. The idle IP addresses in the corresponding network segment are then configured on each virtual network card in turn using the ip command built into the Linux system, so that all idle IP addresses in the specified network segment are occupied by the traffic black hole node. For example, to add the IP address 192.168.10.168 to the eth0.10 virtual network card, the command is: ip addr add 192.168.10.168/24 dev eth0.10. At this point all idle IP addresses have been turned into honeypots, and the probability of an attacker touching a honeypot is greatly increased to 153/253.
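The configuration steps above, sketched as an added example that is not code from the patent: it derives the idle addresses of one /24 from an inventory, emits the 802.1Q sub-interface and ip addr add commands as a dry-run plan without executing them, and reproduces the 20/120 and 153/253 figures. The inventory contents, the gateway at 192.168.10.1 and the parent interface name eth0 are assumptions.

```python
import ipaddress
from fractions import Fraction

# Constructed inventory for vlan10 (not from the patent): 100 servers plus
# 20 honeypots occupy .2-.122 except .108; the gateway is assumed to be .1.
SAMPLE_IN_USE = [f"192.168.10.{i}" for i in range(2, 123) if i != 108]
SAMPLE_RESERVED = ["192.168.10.1"]


def idle_addresses(subnet, in_use, reserved=()):
    """Host addresses in `subnet` that are neither in use nor reserved."""
    net = ipaddress.ip_network(subnet)
    taken = {ipaddress.ip_address(a) for a in (*in_use, *reserved)}
    outside = sorted(a for a in taken if a not in net)
    if outside:
        # An entry outside the subnet means inventory and subnet do not match;
        # refuse to plan rather than claim addresses from a wrong picture.
        raise ValueError(f"inventory entries outside {net}: {outside}")
    # hosts() already excludes the network and broadcast addresses.
    return [h for h in net.hosts() if h not in taken]


def vlan_plan(parent, vlan_id, subnet, in_use, reserved=()):
    """Return the iproute2 commands for one vlan as strings (dry run only)."""
    net = ipaddress.ip_network(subnet)
    dev = f"{parent}.{vlan_id}"  # e.g. eth0.10, the naming used in the patent
    cmds = [
        f"ip link add link {parent} name {dev} type vlan id {vlan_id}",
        f"ip link set dev {dev} up",
    ]
    for host in idle_addresses(subnet, in_use, reserved):
        cmds.append(f"ip addr add {host}/{net.prefixlen} dev {dev}")
    return cmds


def touch_probability(real_servers, honeypots, idle_claimed=0):
    """Chance that a uniformly chosen live address is a honeypot or decoy."""
    decoys = honeypots + idle_claimed
    return Fraction(decoys, real_servers + decoys)


if __name__ == "__main__":
    plan = vlan_plan("eth0", 10, "192.168.10.0/24",
                     SAMPLE_IN_USE, SAMPLE_RESERVED)
    print("\n".join(plan[:4]), "\n...")
    print(len(plan) - 2, "idle addresses claimed")
    print("before:", touch_probability(100, 20))
    print("after: ", touch_probability(100, 20, 133))
```

The in-use list has to come from an authoritative inventory, since any live address missing from it ends up in the plan and would be claimed by the traffic black hole node.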
After configuration is complete, the traffic forwarding rules may be as described with reference to fig. 3 and the following example.
Suppose 192.168.10.8 is a Windows honeypot and 192.168.10.68 is an OA honeypot running a Linux operating system. 192.168.10.108 and 192.168.10.168 are both idle IP addresses configured on the traffic black hole node. A traffic forwarding client running on the traffic black hole node listens on port 3389 of 192.168.10.108 and forwards all traffic sent to port 3389 of 192.168.10.108 to port 3389 of the Windows honeypot. If a Windows remote desktop client now connects to port 3389 of 192.168.10.108, the resulting traffic is forwarded to port 3389 of 192.168.10.8, which is equivalent to accessing 192.168.10.8 directly. In the same way, port 80 of 192.168.10.168 is listened on and the received traffic is forwarded to port 80 of 192.168.10.68, at which point 192.168.10.68 is equivalent to an OA honeypot.
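A minimal traffic forwarding client for the rules just described, as an added example that is not the patent's implementation: a TCP relay that also records the original source address, since behind a plain relay the honeypot sees only the forwarder as its peer. The function names and the loopback stand-ins used by the self-check are assumptions.

```python
import asyncio
import time

# Rules from the patent's example: (listen IP, port) -> (honeypot IP, port).
RULES = {
    ("192.168.10.108", 3389): ("192.168.10.8", 3389),  # RDP -> Windows honeypot
    ("192.168.10.168", 80): ("192.168.10.68", 80),     # HTTP -> OA honeypot
}


async def _pipe(reader, writer):
    """Copy bytes one way until EOF or error, then close the far side."""
    try:
        while data := await reader.read(65536):
            writer.write(data)
            await writer.drain()
    except OSError:
        pass
    finally:
        writer.close()


async def start_forwarder(listen, target, events):
    """Relay every connection on `listen` to `target`, logging it in `events`."""
    async def handle(c_reader, c_writer):
        src = c_writer.get_extra_info("peername")
        dst = c_writer.get_extra_info("sockname")
        # Any connection to a decoy address is an alert worth keeping.
        events.append({"ts": time.time(), "src": src[0], "src_port": src[1],
                       "dst": tuple(dst[:2]), "forwarded_to": tuple(target)})
        try:
            h_reader, h_writer = await asyncio.open_connection(*target)
        except OSError:
            c_writer.close()  # honeypot unreachable: drop, but keep the event
            return
        await asyncio.gather(_pipe(c_reader, h_writer),
                             _pipe(h_reader, c_writer))

    return await asyncio.start_server(handle, *listen)


async def serve(rules, events):
    """Start one forwarder per rule and run until cancelled."""
    servers = [await start_forwarder(l, t, events) for l, t in rules.items()]
    await asyncio.gather(*(s.serve_forever() for s in servers))


async def _loopback_demo():
    # Constructed stand-ins on 127.0.0.1: an echo server plays the honeypot.
    async def echo(reader, writer):
        writer.write(await reader.read(1024))
        await writer.drain()
        writer.close()

    honeypot = await asyncio.start_server(echo, "127.0.0.1", 0)
    hp_addr = tuple(honeypot.sockets[0].getsockname()[:2])
    events = []
    fwd = await start_forwarder(("127.0.0.1", 0), hp_addr, events)
    fwd_addr = fwd.sockets[0].getsockname()[:2]

    reader, writer = await asyncio.open_connection(*fwd_addr)
    writer.write(b"probe")
    await writer.drain()
    reply = await reader.read(1024)
    writer.close()
    await writer.wait_closed()
    fwd.close()
    honeypot.close()
    return reply, events, hp_addr


def run_loopback_demo():
    """Self-check that needs no VLANs: returns (reply, events, honeypot addr)."""
    return asyncio.run(_loopback_demo())


if __name__ == "__main__":
    reply, events, _ = run_loopback_demo()
    print(reply, events)
    # On the traffic black hole node itself: asyncio.run(serve(RULES, []))
```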
As can be seen, in this embodiment, the virtual network card technology of the 802.1Q protocol is applied to the honeypot protection system, and it is supported that one physical network card is virtualized into a plurality of virtual network cards, and the plurality of virtual network cards are located in different vlans. Meanwhile, a single virtual network card is configured with multiple IP addresses, so that one virtual network card can occupy multiple (dozens or hundreds) of idle IP addresses, the coverage of honeypots is greatly improved, the probability of an attacker touching the honeypots is improved, and the effect of protecting customer assets is achieved.
References in this application to "first," "second," "third," "fourth," etc., if any, are intended to distinguish between similar elements and not necessarily to describe a particular order or sequence. It will be appreciated that the data so used may be interchanged under appropriate circumstances such that the embodiments described herein may be practiced otherwise than as specifically illustrated or described herein. Furthermore, the terms "comprises" and "comprising," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, or apparatus.
It should be noted that the descriptions in this application referring to "first", "second", etc. are for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In addition, technical solutions between various embodiments may be combined with each other, but must be realized by a person skilled in the art, and when the technical solutions are contradictory or cannot be realized, such a combination should not be considered to exist, and is not within the protection scope of the present application.
The embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same or similar parts among the embodiments are referred to each other.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of readable storage medium known in the art.
The principle and the implementation of the present application are explained herein by applying specific examples, and the above description of the embodiments is only used to help understand the method and the core idea of the present application; meanwhile, for a person skilled in the art, according to the idea of the present application, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present application.
Claims (10)
1. A honeypot protection system, comprising: a protected network, a simulation node and a honeypot group, wherein:
the simulation node is configured with all idle IP addresses in the protected network;
the simulation node is in communication connection with a core switch of the protected network and is used for simulating a real node in the protected network;
the honeypot group is respectively in communication connection with the protected network and the simulation node and is used for capturing flow data accessing the simulation node and the protected network.
2. The honeypot protection system of claim 1, wherein the simulation node is a virtual machine disposed in a target server, the virtual machine configured with a virtual network card, all free IP addresses configured with the virtual network card.
3. The honeypot protection system of claim 2, wherein a virtual switch component is disposed in the target server, the virtual switch component is communicatively coupled to the virtual network card, and the virtual switch component is communicatively coupled to the core switch.
4. The honeypot protection system of claim 3, wherein the virtual switch component is communicatively coupled to the virtual network card in a trunk mode and the virtual switch component is communicatively coupled to the core switch in a trunk mode.
5. The honeypot protection system according to claim 3, wherein if a plurality of vlans are divided in the protected network, the trunk port of the virtual switch component allows each vlan to perform traffic transparent transmission, the virtual machine is provided with a virtual network card corresponding to each vlan, and an idle IP address in each vlan is configured in each virtual network card in correspondence.
6. The honeypot protection system of claim 5, wherein each virtual network card is obtained by virtualizing any physical network card plugged into the target server using an 802.1Q protocol.
7. Honeypot protection system in accordance with claim 5, characterized in that the group of honeypots is provided with honeypots corresponding to each vlan, respectively.
8. Honeypot protection system in accordance with any of claims 1 to 7, characterized in that the protected network comprises a plurality of real nodes.
9. The honeypot protection system of claim 8, wherein each real node and the simulation node are installed with a traffic forwarding client, the honeypot group capturing traffic data with the traffic forwarding client that accesses each real node and the simulation node.
10. The honeypot protection system of claim 8, wherein traffic forwarding clients on any real node or the simulation node are used to forward traffic data accessing a specified port to the honeypot group.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110907998.3A CN113612783B (en) | 2021-08-09 | 2021-08-09 | Honeypot protection system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113612783A | 2021-11-05 |
CN113612783B | 2023-05-19 |
Family
ID=78339994
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110907998.3A (Active, CN113612783B) | Honeypot protection system | 2021-08-09 | 2021-08-09 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113612783B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN113612783B (en) | 2023-05-19 |
Similar Documents
Publication | Title | Publication Date |
---|---|---|
CN113612783B (en) | Honeypot protection system | |
ES2898869T3 (en) | System and methods for automatic device detection | |
CN107426242B (en) | Network security protection method, device and storage medium | |
CN111274583A (en) | Big data computer network safety protection device and control method thereof | |
CN110881052A (en) | Network security defense method, device and system and readable storage medium | |
EP1814257A1 (en) | Cloaked device scan | |
CN111756712A (en) | Method for forging IP address and preventing attack based on virtual network equipment | |
US10440054B2 (en) | Customized information networks for deception and attack mitigation | |
CN112019545B (en) | Honeypot network deployment method, device, equipment and medium | |
CN105516189A (en) | Network security enforcement system and method based on big data platform | |
CN112714137A (en) | Method for deploying honey nets across vlan in large scale based on virtual switching | |
CN113411297A (en) | Situation awareness defense method and system based on attribute access control | |
CN117411711A (en) | Threat blocking method for intrusion detection defense system | |
Mugitama et al. | An evidence-based technical process for openflow-based SDN forensics | |
JP7517454B2 (en) | RISK ANALYSIS APPARATUS, ANALYSIS TARGET ELEMENT DECISION APPARATUS, METHOD, AND PROGRAM | |
CN112003853B (en) | Network security emergency response system supporting ipv6 | |
CN111683063B (en) | Message processing method, system, device, storage medium and processor | |
CN114117408A (en) | Method and device for monitoring command of attack end and readable storage medium | |
KR100870871B1 (en) | Access level network securing device and securing system thereof | |
Alese et al. | Improving deception in honeynet: Through data manipulation | |
US20190207977A1 (en) | Detecting malicious actors | |
KR102184757B1 (en) | Network hidden system and method | |
CN114465747B (en) | Active deception defense method and system based on dynamic port disguise | |
US20230269236A1 (en) | Automatic proxy system, automatic proxy method and non-transitory computer readable medium | |
CN117614746B (en) | Switch defense attack method based on historical statistics for judging deviation behaviors |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
GR01 | Patent grant | |